--- a/cgi/cmd.c
+++ b/cgi/cmd.c
@@ -1922,14 +1922,14 @@
 		return ERROR;
 
 	len = snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command);
-	if(len < 0)
+	if(len < 0 || len >= sizeof(cmd))
 		return ERROR;
 
 	if(fmt) {
 		va_start(ap, fmt);
 		len2 = vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap);
 		va_end(ap);
-		if(len2 < 0)
+		if(len2 < 0 || len2 >= sizeof(cmd) - len)
 			return ERROR;
 		}